Career Notes 10.2.22
Ep 119 | 10.2.22

Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO]


Kayla Williams: My name is Kayla Williams and I am a Chief Information Security Officer.

Kayla Williams: When I was a child, I had wanted to be an archeologist or a paleontologist. I grew up in the time of Jurassic Park and The Land Before Time, and was absolutely fascinated by dinosaurs and just everything that was going on back millions of years ago. However, as I began to grow up, I realized that I did not have the patience for all the education that was going to be required to go through an archeological or paleontological course. So I shifted focus and wanted to become a lawyer or an accountant.

Kayla Williams: During college, I was really determined to become a Chief Financial Officer. My uncle had been a real estate attorney and had told me about his experiences with accountants and how my skillset would really shine in, in that type of a situation. So I graduated with a degree in accounting, far from what I wanted to do when I was a child. I began an internship working in a, uh, auditing firm in Massachusetts that was auditing municipalities and banks. After graduation, while I started and worked through my master's degree, I continued at a different firm doing the same thing.

Kayla Williams: I realized very early on that external auditing was not for me. So I transferred into the new global information security group at this organization. That was roughly 2013 that I made that shift and within three months of working in the new environment, I got my first information security certification through SANS, and about six months later, I was offered the opportunity to move to England and that just absolutely changed my life.

Kayla Williams: I moved to Bristol, England, uh, in November of 2013 by myself, I actually made the choice to leave my three year old daughter with her father here in the U.S. Um, and I went over there and just began working and it was very different to experience the pub culture and, um, the working culture. I've never had so much tea before in my life. I was able to work not only on many new projects for implementation, such as sale point for our identity and access management platform. The kind of manager that I wanted to be, the type of programs that I wanted to run. Um, and that's really led me down the path that I've continued down within the information security realm.

Kayla Williams: I manage my team by trust. I do not like to micromanage. The world is moving today based on our, you know, last two and a half years of COVID and the experience there has really led to a shift in working style and being flexible and not always questioning the motives of your employees and, and really putting them under the, the wire really produces better results. If people feel trusted and empowered. They are likely to do more and I really try to lead my team in that manner.

Kayla Williams: We really try to be the department of no problem versus the department of no. So we do try to focus on how we can be better consultants, advisors, and really partners to the rest of the team. And, when things pop up, especially if it's going to facilitate the sales process, we do drop everything and do everything we can to, to address the need.

Kayla Williams: Typically, we have multiple meetings a day around compliance and security programs, but it's more consultancy versus we have a problem and I think a great way to demonstrate that we have good partnerships with people and, and that's really important. The, the security function or compliance function should not be seen as the, you know, like I said, the department of no, or the roadblock at the end, they should be seen as a partner and looped in at the beginning.

Kayla Williams: Everyone has had experiences where there are people that just disagree with you don't see the value in what you're doing, or, you know, they see the value, but feel that, you know right now is not the time, uh, for anyone in the security field, we really need to demonstrate through our competencies, through our skills, that we are capable of adding value and showing what that is. We shouldn't feel backed into a corner or put on the spot by people that don't understand because although technology has been around for a very long time. Chief information security officer roles, or, you know, compliance roles, GRC, security assurance, it's all relatively new still because technology and things change so quickly.

Kayla Williams: So that mentality, um, is found everywhere in every organization, across the world and in order to kind of move past it it's to kill them with kindness mentality,  make sure that you are always available, that you are gaining consensus for the things that are going on, that you can prove that you're not dictating anything to them and that you're there to partner. It's just very important. And that's how you, you know, win friends as they say, working together and, and negotiating. Not everything is a fire drill when it comes to security, you know, you don't wanna cry wolf, as they say, um, you wanna make your case, ask if there's consensus on the risk, and if there is partner to move forward or risk accepted, if you have to document it for compliance and risk purposes, but really building those bridges in, in, in the face of adversity and in the face of those people who may, may be naysayers or, uh, disbelievers in something, um, can really go a long way.

Kayla Williams: My best advice would be to ignore the college requirements that are in job wrecks and for folks that are hiring people to just flat out, remove them now, um, it's an outdated concept. In technology, a lot of people have hands on experience cuz they're sitting at home, tinkering away, um, in their own home built labs and, and trying things out. And I really feel that if you want to move into the information security field, whether it be technical, um, compliance driven, um, you know, just apply for the role. So for, for the best advice to people that wanna apply for jobs, if they're switching from something else, you likely have the complimentary skills that are needed to succeed in a security role. You just don't know it yet.

Kayla Williams: I would like to be remembered as somebody who has facilitated collaboration and empathy across my organization and not just within my team, but throughout all the different functional departments. It is really important that everyone understands that we should, we don't have to be best friends, but we need to work together and we all have the common goal of, of being successful and making our organizations more money. Um, but we always tend to forget that there are people at the end of the day that are on the other side of the screen and having empathy for the work that they're doing for, you know, that their personal situation may come into play as well and collaborating and being seen as a partner is very important, no matter what role you're in.